[Openswan Users] iptables settings
Richard Abbuhl
rabbuhl at VoCognition.com
Fri Jul 30 22:26:30 CEST 2004
Hi,
With Fedora Core 1 and freeswan, the following iptables rule was sufficient for my internet connection to function properly.
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
With Fedora Core 2 and openswan, it seems that the above rule is not sufficient. I also need all of these rules (*):
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
$IPTABLES -t nat -I POSTROUTING -o $EXTIF -p esp -j ACCEPT
$IPTABLES -t nat -I POSTROUTING -o $EXTIF -p ah -j ACCEPT
However, I still have a problem using Remote Desktop Connection and have tried these rules:
# I saw this rule like this in the openswan documentation.
# $IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 172.xx.x.x/16 -d ! 192.xxx.x.x/24 -j MASQUERADE
# This was a guess.
# $IPTABLES -t nat -I POSTROUTING -o $EXTIF -p tcp --dport 3389 -j ACCEPT
# I thought this might open the RDC ports.
# $IPTABLES -A INPUT -p tcp --sport 3389 --dport 3389 -j ACCEPT
# $IPTABLES -A OUTPUT -p tcp --sport 3389 --dport 3389 -j ACCEPT
It seems that no matter what I need these rules (*) for my internet connection to function properly. What additional rules are needed for my VPN connection to function properly with Remote Desktop Connection?
Regards,
Richard.